•

      Millions more in cash needed to fund UK’s open-banking watchdog

      news.movim.eu / TheGuardian · 2 days ago - 12:06

    Exclusive: £10m needed for regulator charged with developing tools to thwart financial crime and protect consumers

    Banks are under pressure to stump up millions of pounds in interim funding for the organisation that polices open banking, with regulators saying the new money is needed to prevent financial crime and protect consumers if things “go wrong”.

    Large banks including NatWest, HSBC, Lloyds and Santander UK were among more than 40 City firms summoned by the Financial Conduct Authority (FCA) last week to discuss a cash injection into Open Banking Limited (OPL), the body that oversees innovation in this area.

    •

      Hackers can read private AI assistant chats even though they’re encrypted

      news.movim.eu / ArsTechnica · 5 days ago - 12:30 · 1 minute

    AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce, seek information about drug addiction, or ask for edits in emails containing proprietary trade secrets. The providers of these AI-powered chat services are keenly aware of the sensitivity of these discussions and take active steps—mainly in the form of encrypting them—to prevent potential snoops from reading other people’s interactions.

    But now, researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini. It then refines the fairly raw results through large language models specially trained for the task. The result: Someone with a passive adversary-in-the-middle position—meaning an adversary who can monitor the data packets passing between an AI assistant and the user—can infer the specific topic of 55 percent of all captured responses, usually with high word accuracy. The attack can deduce responses with perfect word accuracy 29 percent of the time.

    Token privacy

    “Currently, anybody can read private chats sent from ChatGPT and other services,” Yisroel Mirsky, head of the Offensive AI Research Lab at Ben-Gurion University in Israel, wrote in an email. “This includes malicious actors on the same Wi-Fi or LAN as a client (e.g., same coffee shop), or even a malicious actor on the Internet—anyone who can observe the traffic. The attack is passive and can happen without OpenAI or their client's knowledge. OpenAI encrypts their traffic to prevent these kinds of eavesdropping attacks, but our research shows that the way OpenAI is using encryption is flawed, and thus the content of the messages are exposed.”


    •

      Phantom Parrot review – cautionary tale of state surveillance and the war on privacy

      news.movim.eu / TheGuardian · 7 days ago - 11:00

    A compelling documentary on digital war-on-terror laws that centres on a programme that can mean prison for anyone who refuses UK police access to their smartphones

    We all know (and are largely complacent) about the limitless possibilities for digital surveillance and data collection by corporations intent on selling us things, or using our existence to sell advertising. Kate Stonehill’s film is about the more old-fashioned subject of state surveillance and specifically the existence of a disquieting new programme in the UK nicknamed “Phantom Parrot”: the practice of remote spying on mobile phone use.

    Stonehill’s film is also about schedule 7 of the 2000 Terrorism Act, which gives the police powers to search people at UK borders, without needing explicit grounds for suspicion on terrorism. That legislation was brought in before the smartphone was invented, but means that officers can demand detainees hand over their PINs and passcodes to all devices on pain of prosecution and a three-month prison sentence. Because, for all that almost all the information exists on external servers and the cloud, there are still some things which are only held on this handset, to which most of us entrust our entire existence.

    •

      Airbnb bans creepy surveillance cameras inside rentals starting April 30

      news.movim.eu / ArsTechnica · Monday, 11 March - 20:43

    Airbnb, like hotels and rival vacation rental site Vrbo, will no longer allow hosts to record guests while they're inside the property. Airbnb previously allowed hosts to have disclosed cameras outside the property and in "common areas" inside, but Airbnb's enforcement of the policy and the rules' lack of specificity made camera use troubling for renters.

    Airbnb announced today that as of April 30, it's "banning the use of indoor security cameras in listings globally as part of efforts to simplify our policy on security cameras and other devices" and to prioritize privacy.

    Cameras that are turned off but inside the property will also be banned, as are indoor recording devices. Airbnb's updated policy defines cameras and recording devices as "any device that records or transmits video, images, or audio, such as a baby monitor, doorbell camera, or other camera."


    •

      pubsub.blastersklan.com / slashdot · Monday, 11 March - 18:18 · 1 minute

    Airbnb will no longer allow hosts to use indoor security cameras, regardless of where they're placed or what they're used for. In an update on Monday, Airbnb says the change to "prioritize the privacy" of renters goes into effect on April 30th. From a report: The vacation rental app previously let hosts install security cameras in "common areas" of listings, including hallways, living rooms, and front doors. Airbnb required hosts to disclose the presence of security cameras in their listings and make them clearly visible, and it prohibited hosts from using cameras in bedrooms and bathrooms. But now, hosts can't use indoor security cameras at all. The change comes after numerous reports of guests finding hidden cameras within their rental, leading some vacation-goers to scan their rooms for cameras. Airbnb's new policy also introduces new rules for outdoor security cameras, and will now require hosts to disclose their use and locations before guests book a listing. Hosts can't use outdoor cams to keep tabs on indoor spaces, either, nor can they use them in "certain outdoor areas where there's a great expectation of privacy," such as an outdoor shower or sauna.


    Airbnb is Banning Indoor Security Cameras

      yro.slashdot.org/story/24/03/11/1627246/airbnb-is-banning-indoor-security-cameras

    •

      Spain tells Sam Altman, Worldcoin to shut down its eyeball-scanning orbs

      news.movim.eu / ArsTechnica · Wednesday, 6 March - 15:19

    Worldcoin's "Orb," a device that scans your eyeballs to verify that you're a real human.

    Spain has moved to block Sam Altman’s cryptocurrency project Worldcoin, the latest blow to a venture that has raised controversy in multiple countries by collecting customers’ personal data using an eyeball-scanning “orb.”

    The AEPD, Spain’s data protection regulator, has demanded that Worldcoin immediately ceases collecting personal information in the country via the scans and that it stops using data it has already gathered.

    The regulator announced on Wednesday that it had taken the “precautionary measure” at the start of the week and had given Worldcoin 72 hours to demonstrate its compliance with the order.


    •

      Surveillance through Push Notifications

      news.movim.eu / Schneier · Monday, 4 March - 22:38 · 1 minute

    The Washington Post is reporting on the FBI’s increasing use of push notification data—“push tokens”—to identify people. The police can request this data from companies like Apple and Google without a warrant.

    The investigative technique goes back years. Court orders that were issued in 2019 to Apple and Google demanded that the companies hand over information on accounts identified by push tokens linked to alleged supporters of the Islamic State terrorist group.

    But the practice was not widely understood until December, when Sen. Ron Wyden (D-Ore.), in a letter to Attorney General Merrick Garland, said an investigation had revealed that the Justice Department had prohibited Apple and Google from discussing the technique.

    […]

    Unlike normal app notifications, push alerts, as their name suggests, have the power to jolt a phone awake—a feature that makes them useful for the urgent pings of everyday use. Many apps offer push-alert functionality because it gives users a fast, battery-saving way to stay updated, and few users think twice before turning them on.

    But to send that notification, Apple and Google require the apps to first create a token that tells the company how to find a user’s device. Those tokens are then saved on Apple’s and Google’s servers, out of the users’ reach.

    The article discusses their use by the FBI, primarily in child sexual abuse cases. But we all know how the story goes:

    “This is how any new surveillance method starts out: The government says we’re only going to use this in the most extreme cases, to stop terrorists and child predators, and everyone can get behind that,” said Cooper Quintin, a technologist at the advocacy group Electronic Frontier Foundation.

    “But these things always end up rolling downhill. Maybe a state attorney general one day decides, hey, maybe I can use this to catch people having an abortion,” Quintin added. “Even if you trust the U.S. right now to use this, you might not trust a new administration to use it in a way you deem ethical.”

    •

      Scrap plans to scan accounts of benefit claimants or risk new scandal, MPs told

      news.movim.eu / TheGuardian · Monday, 4 March - 12:31

    Campaigners say ‘fully automated’ approach risks repeat of Post Office Horizon scandal

    Plans for automated surveillance of millions of bank accounts to catch welfare cheats should be scrapped, campaigners have said, warning the approach risks a repeat of the Post Office Horizon scandal.

    The Department for Work and Pensions is seeking new powers to require banks to trawl the accounts of millions of people who receive benefits in an effort to cut the £8bn currently lost annually to welfare fraud. The plan is close to being passed into law by parliament and will be “fully automated”, the government said. It is likely to use artificial intelligence to flag activity considered suspicious by the DWP.

    •

      pubsub.blastersklan.com / slashdot · Thursday, 29 February - 22:42 · 1 minute

    An anonymous reader quotes a report from Ars Technica: Video doorbell cameras have been commoditized to the point where they're available for $30-$40 on marketplaces like Amazon, Walmart, Temu, and Shein. The true cost of owning one might be much greater, however. Consumer Reports (CR) has released the findings of a security investigation into two budget-minded doorbell brands, Eken and Tuck, which are largely the same hardware produced by the Eken Group in China, according to CR. The cameras are further resold under at least 10 more brands. The cameras are set up through a common mobile app, Aiwit. And the cameras share something else, CR claims: "troubling security vulnerabilities." Among the camera's vulnerabilities cited by CR:

    - Sending public IP addresses and Wi-Fi SSIDs (names) over the Internet without encryption
    - Takeover of the cameras by putting them into pairing mode (which you can do from a front-facing button on some models) and connecting through the Aiwit app
    - Access to still images from the video feed and other information by knowing the camera's serial number.

    CR also noted that Eken cameras lacked an FCC registration code. More than 4,200 were sold in January 2024, according to CR, and often held an Amazon "Overall Pick" label (as one model did when an Ars writer looked on Wednesday). CR issued vulnerability disclosures to Eken and Tuck regarding its findings. The disclosures note the amount of data that is sent over the network without authentication, including JPEG files, the local SSID, and external IP address. It notes that after a malicious user has re-paired a doorbell with a QR code generated by the Aiwit app, they have complete control over the device until a user sees an email from Eken and reclaims the doorbell.

    "These video doorbells from little known manufacturers have serious security and privacy vulnerabilities, and now they've found their way onto major digital marketplaces such as Amazon and Walmart," said Justin Brookman, director of tech policy at Consumer Reports, in a statement. "Both the manufacturers and platforms that sell the doorbells have a responsibility to ensure that these products are not putting consumers in harm's way."


    Cheap Doorbell Cameras Can Be Easily Hijacked, Says Consumer Reports

      yro.slashdot.org/story/24/02/29/2117215/cheap-doorbell-cameras-can-be-easily-hijacked-says-consumer-reports